OpenStack Identity (keystone)

Keystone doesn't allow any input fields which has ":" or "-"

Bug #1241218 reported by Haneef Ali
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Invalid
Low
Unassigned

Bug Description

If we define a custom field called "My-Filed" and pass it as input it is getting converted to "My_Field" internally. I believe this converston should happen only for HTTP headers and not for payload.

e.g

POST /users

{
  "name" : "haneef"
   "emailAddress" : "a@b.com"
  "MY-Field" : "MyCustomFiled"

}

Keytone converts the payload to

POST /users

{
  "name" : "haneef"
   "emailAddress" : "a@b.com"
  "MY_Field" : "MyCustomFiled"

}

before passing it to identity driver.

commons/wsgi.py
def _normalize_arg(self, arg):
        return str(arg).replace(':', '_').replace('-', '_')

That is the function that is converting it. I believe this normalization should happen only for HTTP headers and not for payload

If the create_user call comes to

@controller.protected()
    def create_user(self, context, user):
        self._require_attribute(user, 'name')

        ref = self._assign_unique_id(self._normalize_dict(user))
        ref = self._normalize_domain_id(context, ref)
        ref = self.identity_api.create_user(ref['id'], ref)
        return UserV3.wrap_member(context, ref)

due to normalize_dict, the payload is getting changed. Is it a bug or keystone doesn't allow "-" , ":" in payload?

Revision history for this message
Dolph Mathews (dolph) wrote :

I believe this behavior is/was intended to support v2.0 API extension prefixes.

Changed in keystone:
importance: Undecided → Low
Liusheng (liusheng)
Changed in keystone:
assignee: nobody → Liusheng (liusheng)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/65423

Changed in keystone:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.openstack.org/65429

Revision history for this message
Liusheng (liusheng) wrote :

Haneef Ali said:

We should not allow ":" "-" is fine.
In xml ":" is used as XML name space delimiter. If you allow ":" in field name then in xml you will have ":". I don't think any parser will recognize this.
e.g Assume field name is my:xyz, then in xml it will transform to
  my:xmz in case of default namespace prefix and
  prefix:my:xyx in case of named prefix.
None of the openstack projects care about xml support but in case if they plan to support it, it is better to not have ":"

Liusheng (liusheng)
Changed in keystone:
assignee: Liusheng (liusheng) → nobody
Liusheng (liusheng)
Changed in keystone:
status: In Progress → New
Liusheng (liusheng)
Changed in keystone:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.